Azure AD – Conditional Access policies now applied to all client application by default

By now, you should already know the Conditional Access feature provided with Azure AD, helping you defining conditions to authorize access to applications/resources – like requesting multi factor authentication when outside of the corporate network.

You should also know that legacy authentication endpoints (like SMTP, POP or IMAP) should be blocked.

Well, an important update has been introduced on Conditional Access policies which made any new policy being automatically applied to all client application, including these legacy endpoints (client apps).

Which means if you need to exclude the policy to apply to these legacy you will need to add it as an exclusion to the policy.


Don’t forget you can also get reports on usage of these legacy applications using the sign-ins reporting capability using the application filter

image_thumb[3]  image_thumb[2]

Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies